Not entirely. My current customer is a government, and they are worried about "APT" (advanced persistent threats). The fear isn't that "one breach and it's game over". It's a fear that a vulnerability can be used to inject something, that will then be utilised sometime down the track when defences are lowered. Getting something onto a box, that could then be used sometime down the track (perhaps to access a minister's email, and then send it out via a browser) is definitely something they are worried about.
Cheers Ken -----Original Message----- From: Carl Houseman [mailto:[email protected]] Sent: Thursday, 26 August 2010 11:11 PM To: NT System Admin Issues Subject: RE: Insecure Library Loading Vulnerability See my response to ASB. Those who are setting the registry value to INT_MAX don't understand the problem they are trying to prevent. Carl -----Original Message----- From: Ben Scott [mailto:[email protected]] Sent: Thursday, August 26, 2010 10:53 AM To: NT System Admin Issues Subject: Re: Insecure Library Loading Vulnerability On Thu, Aug 26, 2010 at 10:21 AM, Carl Houseman <[email protected]> wrote: > Outlook relies on it? What version? Someone has reported that Outlook 2002 changes directory to load the MAPI DLLs: http://isc.sans.edu/diary.html?storyid=9445 (comment from Erik van Straten) > My 2007 hasn't noticed a difference since applying the workaround > patch and registry value=2. CWDIllegalInDllSearch=2 only prevents loading of DLLs if CWD is a network location. Since the MAPI DLLs are loaded from the local hard disk, that wouldn't break Outlook 2002 anyway. Only CWDIllegalInDllSearch=INT_MAX would cause the problem. But it's certainly possible Outlook 2007 doesn't load the DLLs this way in the first place. -- Ben ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~
